eCryptfs in Ubuntu (Lucid)

In OS X I use FileVault, and I also like to create an encrypted disk image—mounted automatically when I log in—which is used as Apache's root directory so that any sensitive files in there (configuration files containing passwords, etc.) are protected if anyone gets access to the disk.

The newest version of Ubuntu has a simple option to encrypt a user's home directory using eCryptfs. eCryptfs can also be used to encrypt other directories. This is how to make /var/www (Apache's default root directory) encrypted:

Make sure any existing encrypted folders are backed up, just in case something goes wrong.

Move any existing files out of /var/www.

Make a hidden directory to hold the encrypted files:

sudo mkdir /var/.www

Mount the hidden directory as an encrypted filesystem (use the passphrase used to encrypt your home folder*, as this passphrase is added automatically to the keyring by pam_ecryptfs when you log in, so it will be available for pam_mount to use):

Log out and back in again, or restart: /var/www should now be mounted as an encrypted filesystem (it'll be listed in /etc/mtab, if it's worked).
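
A scripted version of that /etc/mtab check, added here as an example and not part of the original post. If the mount did not happen, anything copied back into /var/www is stored unencrypted, so it is worth checking before moving files in. The function name, its return codes and the sample mtab lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm that a mount point is backed by eCryptfs before
# putting sensitive files into it.

# check_ecryptfs_mount MOUNTPOINT LOWERDIR [MTAB]
#   MTAB defaults to /etc/mtab; "-" reads mtab-format text from stdin.
# Returns 0 if MOUNTPOINT is mounted as ecryptfs on top of LOWERDIR,
#         1 if MOUNTPOINT is not mounted at all,
#         2 if it is mounted, but not as ecryptfs from LOWERDIR.
check_ecryptfs_mount() {
    mountpoint=$1
    lowerdir=$2
    mtab=${3:-/etc/mtab}
    # mtab fields: source, mount point, fs type, options, dump, pass.
    # The last matching line decides, because a later mount on the same
    # mount point shadows an earlier one.
    awk -v mp="$mountpoint" -v src="$lowerdir" '
        $2 == mp { found = 1; ok = ($3 == "ecryptfs" && $1 == src) }
        END {
            if (!found) exit 1
            exit (ok ? 0 : 2)
        }
    ' "$mtab"
}

# Constructed sample in /etc/mtab format (not taken from a real system).
sample_mtab() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,errors=remount-ro 0 0
/var/.www /var/www ecryptfs rw,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# Demonstration on the constructed sample.
sample_mtab | check_ecryptfs_mount /var/www /var/.www - \
    && echo "sample: /var/www is an eCryptfs mount of /var/.www"
```

On a real system, call check_ecryptfs_mount /var/www /var/.www with no third argument to read /etc/mtab.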

* The passphrase used to encrypt your home folder can be found by running

ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase

and entering your login password. When your home directory was encrypted, eCryptfs took the passphrase and encrypted ("wrapped") it using your login password (when you change your login password, eCryptfs re-wraps the passphrase with it).